Microsoft deems these settings to be the absolute minimum set of controls to which every tenant should adhere. Before turning on Azure AD security defaults, let us investigate what the impact will be for your end-users and administrators.

The last control in the list, “blocking legacy authentication,” is a no-brainer and is something every organization should already have on its roadmap. Microsoft will begin the process of removing basic authentication for seven email connection protocols starting October 1, 2022, which is a good indication of how important they believe it is that users should stop using basic authentication. If people use up-to-date Outlook clients (both on mobile and desktop platforms), there should not be much impact for this control. It is important to assess the impact on service accounts, for which you can use this blog from Steve Goodman to identify potential blockers.

Controls 3 and 4 (require MFA for Azure AD and Azure administrators) are extremely important controls because administrators are often a target for attackers. If an attacker compromises an administrator account, they can take control over a tenant and impact multiple users. Each time an account assigned a specific Azure AD role logs in or somebody logs into an Azure management tool, they must use multifactor authentication. Most administrators already use multifactor authentication on other platforms, so having them approve sign-in requests should not have a significant impact.
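
One way to assess which accounts the legacy authentication block would affect is to summarize an export of the Azure AD sign-in logs; the following is an added example, not code from the original article or from Microsoft. It assumes a JSON export whose records carry the `userPrincipalName`, `clientAppUsed` and `status.errorCode` fields, treats every client app other than the two modern ones as legacy, and runs on constructed sample records.

```python
import json
from collections import Counter, defaultdict

# Assumption: these two clientAppUsed values are modern authentication;
# every other non-empty value is counted as a legacy protocol.
MODERN_CLIENTS = {"Browser", "Mobile Apps and Desktop clients"}

def _rec(upn, client, error_code=0):
    """Build one constructed sign-in record with only the fields used here."""
    return {"userPrincipalName": upn, "clientAppUsed": client,
            "status": {"errorCode": error_code}}

# Constructed sample export (not real tenant data).
SAMPLE_EXPORT = json.dumps([
    _rec("svc-scanner@contoso.example", "Authenticated SMTP"),
    _rec("SVC-Scanner@contoso.example", "Authenticated SMTP"),
    _rec("svc-backup@contoso.example", "IMAP4"),
    _rec("alice@contoso.example", "Mobile Apps and Desktop clients"),
    _rec("bob@contoso.example", "POP3", error_code=50126),  # failed sign-in
    _rec("carol@contoso.example", None),                    # no client recorded
])

def legacy_auth_usage(export_json):
    """Map each account to a count of successful legacy-protocol sign-ins."""
    usage = defaultdict(Counter)
    for record in json.loads(export_json):
        client = (record.get("clientAppUsed") or "").strip()
        if not client or client in MODERN_CLIENTS:
            continue  # modern authentication, or nothing to classify
        if (record.get("status") or {}).get("errorCode") != 0:
            continue  # failed attempts do not show a working dependency
        upn = (record.get("userPrincipalName") or "unknown").lower()
        usage[upn][client] += 1
    return {upn: dict(counts) for upn, counts in usage.items()}

def report(usage):
    """Return one line per account, busiest first, for review before enabling."""
    ordered = sorted(usage.items(), key=lambda kv: (-sum(kv[1].values()), kv[0]))
    return [f"{upn}: " + ", ".join(f"{c} x{n}" for c, n in sorted(counts.items()))
            for upn, counts in ordered]

if __name__ == "__main__":
    print("\n".join(report(legacy_auth_usage(SAMPLE_EXPORT))))
```

Accounts that appear in the report still depend on a protocol that security defaults will block, so they need a modern-authentication replacement before the control is turned on.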